Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: How to crack a password in this way with hashcat ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello, I am trying to crack a password which is from a HTTP Authorization header.

I don't know anything about the password and I don't have the hash value of the password, but I have the username, realm, method, uri and the nonce.

In order to generate a HTTP client's response, it requires:
Hash 1 = username:realm:password;
Hash 2 = method:uri;
Response = Hash 1:nonce:Hash 2;

How to crack the password by reading a word list and generate a MD5 Hash value for each of the word, and then combine with the username and realm to generate a new Hash(Hash_1), so we can combine it (Hash 2 and nonce) together and generate a response, and then compare it with the given response to check whether they are they same ?

Thank you...and sorry for my bad English.
This trac ticket https://hashcat.net/trac/ticket/539 seems to be related to your question.

The main reasons it wasn't implemented yet, was that the full details about the maximum length devs should support for each "part" is not clear.
Remember, MD5 works "block-wise", hence if the lengths of parts are limited (e.g. < 55) devs could optimize this algorithm, otherwise it might get quickly relatively slower.

Currently the algorithm is not yet supported, but maybe you can share some example hashes, more detailed information etc on the trac ticket mentioned above and it may get implemented sooner/prioritized.

Thx